6262 matches found
The vulnerability of the Array.prototype.concat() function in the njs interpreter on the nginx server allows a hacker to cause a service failure.
The vulnerability of the Array.prototype.concat function in the njs interpreter on the nginx server is related to the execution of the operation beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
CVE-2021-25746
A flaw was found in the ingress-nginx controller. When a user creates or updates ingress objects, credentials of the ingress-nginx controller can be obtained by accessing .metadata.annotations...
CVE-2021-25745
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of the ingress-nginx controller. In the default...
Kubernetes ingress-nginx input validation error vulnerability
Kubernetes ingress-nginx is the entry controller for Cloud Native Computing Foundation's Kubernetes, using NGINX as a reverse proxy and load balancer. A security vulnerability exists in Kubernetes ingress-nginx. No information about the vulnerability is available at this time, so please stay tune...
CVE-2021-23055
On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
Code injection
On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
Security Bulletin: A Security Vulnerability affects IBM Cloud Private - NGINX (CVE-2019-20372)
Summary: A Security Vulnerability affects IBM Cloud Private. Vulnerability Details: CVEID: CVE-2019-20372. DESCRIPTION: NGINX could allow a remote attacker to obtain sensitive information, caused by a flaw in certain error_page configurations. By sending a specially crafted request, a remote attacker...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - nginx (CVE-2018-16844, CVE-2018-16845, CVE-2018-16843, CVE-2019-7401)
Summary: Security Vulnerabilities affect IBM Cloud Private - nginx. Vulnerability Details: CVEID: CVE-2018-16844. DESCRIPTION: nginx is vulnerable to a denial of service, caused by a flaw when compiled with ngx_http_v2_module. By sending a specially-crafted HTTP/2 request, a remote attacker could exploi...
CVE-2021-23055
CVE-2021-23055 affects NGINX Ingress Controller: versions 2.x before 2.0.3 and 1.x before 1.12.3 allow Ingress resources to bypass the -enable-snippets restriction, enabling snippet injections via ingress service account. Impact reported as potential access to secrets; attacker must have Privileg...
CLSA-2022-1650377152 Fix CVE(s): CVE-2020-11724
SECURITY UPDATE: HTTP request smuggling in Lua module - debian/modules/nginx-lua: Fix parsing HTTP headers in the ngx.location.capture API porting an upstream patch 9ab38e8ee35fc08a57636b1b6190dca70b0076fa from https://github.com/openresty/lua-nginx-module - CVE-2020-11724...
Nginx denial-of-service vulnerability
A denial of service vulnerability exists in Nginx NJS version 0.7.2, which stems from the njs_vmcode_array component in /src/njs_vmcode.c containing a NULL pointer dereference. An attacker could exploit this vulnerability to cause the program to crash...
The vulnerability of the nginx HTTP server, related to deficiencies in HTTP request processing, allows attackers to gain unauthorized access to information.
The vulnerability of the nginx HTTP server is related to deficiencies in HTTP request processing. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to sensitive information...
A week in security (April 11 – 17)
Last week on Malwarebytes Labs: Credential-stealing malware disguises itself as Telegram, targets social media users; Old Play Store apps served notice by upcoming API level changes; Denonia cryptominer is first malware to target AWS Lambda; Ransomware: March 2022 review; Why identity management...
Access Restriction Bypass
nginx is vulnerable to access restriction bypass. The vulnerability exists because TLS servers implement different protocols but use compatible certificates, such as multi-domain or wildcard certificates, which allows an attacker to gain access to the system and perform unauthorized actions...
Important Photon OS Security Update - PHSA-2022-4.0-0172
Updates of 'xz', 'nginx', 'gzip' packages of Photon OS have been released...
CVE-2022-28049
NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c...